Use stronger algorithm needed for FIPS in t/op/taint.t
This commit is contained in:
Petr Písař
parent
aa05a418d0
commit
55d8c0d4e2
|
|
@ -0,0 +1,47 @@
|
|||
From 0a370b8f77bd4b1be3f776257869e5c85eb9e8e2 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
||||
Date: Mon, 1 Dec 2014 15:28:36 +0100
|
||||
Subject: [PATCH] t/op/taint.t: Perform SHA-256 algorithm by crypt() if default
|
||||
one is disabled
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The crypt(3) call may return NULL. This is the case on FIPS-enabled
|
||||
platforms. Then "tainted crypt" test would fail.
|
||||
|
||||
See RT#121591 for similar fix in t/op/crypt.t.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
t/op/taint.t | 14 +++++++++++++-
|
||||
1 file changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/t/op/taint.t b/t/op/taint.t
|
||||
index f9e8331..a13fde4 100644
|
||||
--- a/t/op/taint.t
|
||||
+++ b/t/op/taint.t
|
||||
@@ -1967,7 +1967,19 @@ foreach my $ord (78, 163, 256) {
|
||||
SKIP: {
|
||||
skip 'No crypt function, skipping crypt tests', 4 if(!$Config{d_crypt});
|
||||
# 59998
|
||||
- sub cr { my $x = crypt($_[0], $_[1]); $x }
|
||||
+ sub cr {
|
||||
+ # On platforms implementing FIPS mode, using a weak algorithm
|
||||
+ # (including the default triple-DES algorithm) causes crypt(3) to
|
||||
+ # return a null pointer, which Perl converts into undef. We assume
|
||||
+ # for now that all such platforms support glibc-style selection of
|
||||
+ # a different hashing algorithm.
|
||||
+ my $alg = ''; # Use default algorithm
|
||||
+ if ( !defined(crypt("ab", "cd")) ) {
|
||||
+ $alg = '$5$'; # Use SHA-256
|
||||
+ }
|
||||
+ my $x = crypt($_[0], $alg . $_[1]);
|
||||
+ $x
|
||||
+ }
|
||||
sub co { my $x = ~$_[0]; $x }
|
||||
my ($a, $b);
|
||||
$a = cr('hello', 'foo' . $TAINT);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
|
@ -97,6 +97,10 @@ Patch26: perl-5.18.2-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-
|
|||
# in upstream after 5.21.6
|
||||
Patch27: perl-5.21.6-Report-inaccesible-file-on-failed-require.patch
|
||||
|
||||
# Use stronger algorithm needed for FIPS in t/op/taint.t, bug #1128032,
|
||||
# RT#123338
|
||||
Patch28: perl-5.21.6-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patch
|
||||
|
||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||
|
||||
|
|
@ -1977,6 +1981,7 @@ tarball from perl.org.
|
|||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
|
||||
|
|
@ -1997,6 +2002,7 @@ perl -x patchlevel.h \
|
|||
'Fedora Patch25: Use stronger algorithm needed for FIPS in t/op/crypt.t (RT#121591)' \
|
||||
'Fedora Patch26: Make *DBM_File desctructors thread-safe (RT#61912)' \
|
||||
'Fedora Patch27: Report inaccesible file on failed require (RT#123270)' \
|
||||
'Fedora Patch28: Use stronger algorithm needed for FIPS in t/op/taint.t (RT#123338)' \
|
||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||
%{nil}
|
||||
|
|
@ -3789,6 +3795,7 @@ sed \
|
|||
%changelog
|
||||
* Mon Dec 01 2014 Petr Pisar <ppisar@redhat.com> - 4:5.20.1-315
|
||||
- Report inaccesible file on failed require (bug #1166504)
|
||||
- Use stronger algorithm needed for FIPS in t/op/taint.t (bug #1128032)
|
||||
|
||||
* Wed Nov 19 2014 Petr Pisar <ppisar@redhat.com> - 4:5.20.1-314
|
||||
- Consider Filter::Util::Call dependency as mandatory (bug #1165183)
|
||||
|
|
|
|||
Loading…
Reference in New Issue